The described aspects generally relate to access security on computing devices. More particularly, the described aspects relate to apparatus and methods of authorizing access to computing devices such that privileged actions may be performed only by authorized parties.
Advances in technology have resulted in smaller and more powerful personal computing devices. For example, there currently exist a variety of portable personal computing devices, including wireless computing devices, such as portable wireless telephones, personal digital assistants (PDAs) and paging devices, which are each small, lightweight, and can be easily carried by users. More specifically, the portable wireless telephones, for example, further include cellular telephones that communicate voice and data packets over wireless networks. Further, many such cellular telephones are being manufactured with relatively large increases in computing capabilities, and as such, are becoming tantamount to small personal computers and hand-held PDAs.
In some cases, an entity such as a software developer operating a first computing device may desire access to applications and data residing on a second computing device. The device to be accessed may include protection mechanisms to control the access to its device resources. For example, protection mechanisms have included encryption protocols that provide only simple all-or-nothing access to the device.
Other systems that provide secure communications between a client computing device and external devices are known to do so by, at least in part, having a secure credential installed on the client computing device at the time of manufacture. In one example, a service provider provides a secure credential to the manufacturer of the client computing device such that the manufacturer can install the secure credential during the manufacturing process.
In some systems, secure communication is provided, in part, by the installation or programming of phones by an authorized agent. Such programming can occur after the client computing devices have been manufactured and shipped. In one example, a secure credential is installed on the client computing device at the time and place of sale of the device. Here, in at least one example, an authorized agent inputs a code, from a list of unique secure codes, into the client computing device. In other instances, automated readers are used to transfer individual secure codes to each client computing device. This process avoids some of the difficulties associated with programming such client computing devices at the time of manufacture, such as adding a dynamic manufacturing step to a typically static process. However, this process still includes its own difficulties and vulnerabilities, including the problem of potential unauthorized access to the list of secure credentials that would allow unauthorized entities to spoof the identity of an otherwise authorized device.
Further, typical hard-wired or hard-coded approaches to using credentials require that each client device be physically serviced by a service technician whenever a situation, such as a security breach, has occurred. Such a situation includes, for example, the need to replace, add, and/or otherwise update one or more credentials. The operational cost of requiring physical service by a service technician is extremely high, particularly when large numbers of client devices are compromised.
More specifically, one such mechanism for authorizing privileged access to a device over serial connections includes the use of service programming codes (SPCs). Due to their lack of expressiveness, ease of illicit spread, and lack of traceability, SPCs are not well suited to controlling access with fine-grained or high-powered privileges.
Accordingly, it would be advantageous to include many of the secure communication advantages inherent in general secure communications techniques, such as those associated with the use of secure credentials, while also avoiding other less advantageous aspects of such existing systems, such as the problems associated with storing cryptographic algorithms on wireless devices, with requiring the installation of secure credentials at the time of manufacture or the programming of secure credentials at point-of-sale locations, and with the ability to update or replace these credentials in the event of a security breach.